+

US8578153B2 - Method and arrangement for provisioning and managing a device - Google Patents

Method and arrangement for provisioning and managing a device Download PDF

Info

Publication number
US8578153B2
US8578153B2 US12/606,490 US60649009A US8578153B2 US 8578153 B2 US8578153 B2 US 8578153B2 US 60649009 A US60649009 A US 60649009A US 8578153 B2 US8578153 B2 US 8578153B2
Authority
US
United States
Prior art keywords
key
operator
new
old
subscription
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US12/606,490
Other versions
US20100106967A1 (en
Inventor
Mattias Johansson
Hakan Englund
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Telefonaktiebolaget LM Ericsson AB
Original Assignee
Telefonaktiebolaget LM Ericsson AB
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Telefonaktiebolaget LM Ericsson AB filed Critical Telefonaktiebolaget LM Ericsson AB
Priority to US12/606,490 priority Critical patent/US8578153B2/en
Priority to EP09823906.4A priority patent/EP2340654B1/en
Priority to PCT/SE2009/051225 priority patent/WO2010050886A1/en
Priority to CN200980143734.2A priority patent/CN102204299B/en
Assigned to TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) reassignment TELEFONAKTIEBOLAGET LM ERICSSON (PUBL) ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: JOHANSSON, MATTIAS, ENGLUND, HAKAN
Publication of US20100106967A1 publication Critical patent/US20100106967A1/en
Priority to US13/711,990 priority patent/US20140365769A9/en
Application granted granted Critical
Publication of US8578153B2 publication Critical patent/US8578153B2/en
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/12Transmitting and receiving encryption devices synchronised or initially set up in a particular manner
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • H04W12/35Protecting application or service provisioning, e.g. securing SIM application provisioning
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/60Subscription-based services using application servers or record carriers, e.g. SIM application toolkits
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/70Services for machine-to-machine communication [M2M] or machine type communication [MTC]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • H04L2209/805Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2463/00Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00
    • H04L2463/061Additional details relating to network architectures or network communication protocols for network security covered by H04L63/00 applying further key derivation, e.g. deriving traffic keys from a pair-wise master key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/50Service provisioning or reconfiguring

Definitions

  • the present invention relates to radio telecommunication systems. More particularly, and not by way of limitation, the present invention is directed to an apparatus and method for remote initial provisioning of Universal Subscriber Identity Modules (USIMs) and subsequent changing of an operator.
  • USIMs Universal Subscriber Identity Modules
  • a typical use case for an M2M device is electric metering.
  • an electric supplier company installs automatic metering devices that report the amount of consumed electricity back to the billing department via a 3GPP network. Since millions of such devices may be installed, remote management of subscriptions would greatly reduce costs, for example, in the case of a change of subscription.
  • the end user and the owner of the devices is an enterprise with a large number of devices in the field. Thus, it is likely that the owner will have its own servers that can manage the devices.
  • Another use case is for built-in terminals in cars.
  • it is a single owner of the car that would like to control which telecommunication operator the car is using, and also the services to which the car is attached such as insurance service, maintenance services, and road toll services.
  • a car owner's mobile terminal could function as the enterprise server above, containing all the necessary intelligence to manage the car.
  • the existing 3GPP architecture and remotely managed procedure for provisioning an M2M device is complex and still leaves security gaps.
  • a Platform Validation Authority (PVA) certificate is installed as a trusted certificate in a M2ME device.
  • PVA Platform Validation Authority
  • all operators with a certificate signed by the PVA are able to perform a valid provisioning of the M2M device. This creates the problem commonly referred to as slamming, i.e., illegal changing of subscribers telephone service without their consent.
  • SHO Selected Home Operator
  • An embodiment of the present invention provides the device with the ability to authenticate that a provisioning of the device is actually initiated by the owner of the device.
  • the invention also provides the device with the ability to authenticate the Discovery and Registration Function (DRF) involved in a change of operator.
  • DRF Discovery and Registration Function
  • a symmetric key K PIMSI is first used to give initial air time, and following this, an asymmetric (or in some cases, symmetric) key K Provision is used to download the DLUSIM.
  • K PIMSI When the operator is changed, a new K PIMSI may be needed, and the invention provides the ability to send a command to the remote device to authorize the change of operator.
  • different end-user services may request to set up secure end-to-end connections. This can be done by allowing the end-user services to download their specific clients onto the device. If this is done, it should be done only with the authorization from the device owner.
  • the key hierarchy can be used to achieve easier operator change and also to facilitate secure end-to-end service set-up.
  • a device is configured with a device key K Device and a plurality of one-way functions enabling derivation of a key hierarchy.
  • K Device the management activities are simplified.
  • the present invention derives all other keys from this single K Device with one-way functions known to the device and device owner, denoted by h i ( ), 0 ⁇ i ⁇ 6.
  • the invention also simplifies the device-manufacturing process and the usability for the end-user, independent of whether the end-user is an enterprise or a consumer. It is also much easier to let the device change its purpose over time.
  • the invention provides a method for updating the device key and for changing a subscriber key.
  • the invention provides a modified M2M device and owner node.
  • the owner node is implemented as an enterprise server or as a mobile entity (ME).
  • Characteristic features of the invention relate to a key-hierarchy extending the DLUSIM framework to also cover general M2M applications and incorporating it into the general Open Mobile Alliance Device Management (OMA DM) framework.
  • OMA DM Open Mobile Alliance Device Management
  • a further extension relates to how to change K Device , and how to change the subscription key without sending it over the cellular channel.
  • the present invention is directed to a method of securely changing control of a device from an old manager to a new manager, wherein the device obeys commands from a manager only if the commands include a device key known to the device.
  • the method includes the steps of initiating the change of control by the old manager, the initiating step including changing a first device key in use between the old manager and the device to a second device key, and sending the second device key from the old manager to the new manager, preferably over a secure connection.
  • the method also includes completing the change of control by the new manager, the completing step including changing the second device key in use between the new manager and the device to a third device key. Upon completion of the change of control, the new manager does not know the first device key and the old manager does not know the third device key.
  • the present invention is directed to a method of securely changing a communication device from an old operator to a new operator, wherein the communication device has a subscription key and obeys commands from an operator only if the commands include an authentication key known to the communication device.
  • the method includes the steps of initiating the change of operator by a manager of the communication device; in response to the initiating step, changing a first subscription key in use between the old operator and the communication device to a second subscription key; sending the second subscription key from the old operator to the new operator; and completing the change of operator by the new operator.
  • the completing step includes changing the second subscription key in use between the new operator and the communication device to a third subscription key.
  • the new operator does not know the first subscription key and the old operator does not know the third subscription key.
  • the present invention is directed to a first owner node in a telecommunication network for securely changing ownership of a communication device from the first owner node to a second owner node, wherein the communication device obeys commands from owner nodes only if the commands include a device key known to the communication device.
  • the first owner node includes communication means for sending a command to the communication device to change a currently active device key to a new device key, the command including the currently active device key and a secret parameter known by the first owner node; means for calculating the new device key utilizing the currently active device key and the secret parameter; and communication means for sending the new device key to the second owner node.
  • the present invention is directed to a second owner node in a telecommunication network for securely obtaining ownership of a communication device from a first owner node, wherein the communication device obeys commands from owner nodes only if the commands include a device key known to the communication device.
  • the second owner node includes communication means for receiving from the first owner node, a currently active device key for the communication device; communication means for sending a command to the communication device to change the currently active device key to a new device key, the command including the currently active device key and a secret parameter known by the second owner node; and means for calculating the new device key utilizing the currently active device key and the secret parameter.
  • the present invention is directed to a system for securely changing a communication device from an old operator network to a new operator network, wherein the communication device has a subscription key and obeys commands from an operator network only if the commands include an authentication key known to the communication device.
  • the system includes an owner node of the communication device for initiating the change of operator network by sending a subscription registration message to the new operator network, the subscription registration message including first and second authentication keys and an identifier of the communication device; communication means within the new operator network for sending a notification to the old operator network indicating that the new operator network has a new subscription with the communication device; and communication means within the old operator network for sending a command to the communication device to change a currently active first subscription key to a second subscription key, the command including a currently active authentication key and a secret parameter known by the old operator network.
  • the system also includes means within the communication device for calculating the second subscription key utilizing the first subscription key and the secret parameter received from the old operator network; means within the old operator network for calculating the second subscription key; and communication means within the old operator network for sending the second subscription key to the new operator network.
  • the system also includes communication means within the new operator network for sending a command to the communication device to change the second subscription key to a third subscription key, the command including the first authentication key received from the owner node and a secret parameter known by the new operator network; means within the communication device for calculating the third subscription key utilizing the second subscription key and the secret parameter received from the new operator network; and means within the new operator network for calculating the third subscription key.
  • the present invention is directed to a method of downloading a new Downloadable Universal Subscriber Identity Module (DLUSIM) to a communication device while changing the communication device from a first operator network to a second operator network.
  • the method begins by a manager of the communication device registering with the second operator network, wherein the registering step includes transferring K Auth to the second operator network.
  • the communication device then receives a bootstrapping message instructing the device to connect to a provisioning service of the new operator network, wherein the bootstrapping message includes an address of the provisioning service of the new operator network and an authentication nonce.
  • the new operator network then validates the communication device when the communication device attempts to connect to the provisioning service.
  • the second operator network generating a new DLUSIM and encrypting the DLUSIM with K Provision ; and downloading the DLUSIM as an encrypted blob to the communication device from an Open Mobile Alliance Device Management (OMA DM) provisioning server in the second operator network.
  • OMA DM Open Mobile Alliance Device Management
  • FIG. 1 is a high level message flow diagram illustrating an existing architecture and remotely managed procedure for changing an operator for an M2M device
  • FIGS. 2A-2B are simplified block diagrams illustrating two deployment scenarios according to the teachings of the present invention.
  • FIG. 3 is a simplified block diagram of an M2M device in an exemplary embodiment of the present invention.
  • FIG. 4 is a simplified block diagram of an enterprise server in an exemplary embodiment of the present invention.
  • FIG. 5 is a simplified block diagram of a device owner's mobile equipment (ME) in an exemplary embodiment of the present invention
  • FIG. 6 is a message flow diagram illustrating a procedure for changing a device owner in an exemplary embodiment of the present invention
  • FIG. 7 is a message flow diagram illustrating a procedure for changing a device key before and after a change of owner in an exemplary embodiment of the present invention
  • FIG. 8 is a message flow diagram illustrating a procedure for changing an operator with the change of a subscriber key in an exemplary embodiment of the present invention
  • FIG. 9 is a message flow diagram illustrating in more detail the procedure for changing an operator in an exemplary embodiment of the present invention.
  • FIG. 10 is a message flow diagram illustrating a procedure for downloading a new DLUSIM as an encrypted blob in an exemplary embodiment of the present invention.
  • FIG. 1 is a high level message flow diagram illustrating an existing architecture and remotely managed procedure for changing an operator for an M2M device 11 .
  • An Old Home Operator (OHO) 12 which includes a Home Subscriber Server/Authentication Center (HSS/AuC) 13 and a Discovery and Registration Function (DRF) 14 , provides the M2M device with initial network IP connectivity, possibly via a roaming partner called the Visited Operator (VO) 15 .
  • the VO provides the air interface to the M2M device in this scenario.
  • the VO provides the air interface to the M2M device in this scenario.
  • the Platform Validation Authority (PVA) 16 there is assumed to be a trusted third party called the Platform Validation Authority (PVA) 16 .
  • the PVA issues certificates for all entities in the structure and can validate the Trusted Execution Environment (TRE) of the M2M device.
  • SHO Selected Home Operator
  • DP-SP provisioning server
  • the M2M device 11 uses the standard GSM/UMTS procedures (GPRS/PS) to decode network information, and attaches to the network of any mobile network operator.
  • the M2M device sends its International Mobile Station Identity (IMSI) to the chosen operator, referred to as the Visited Operator (VO) 15 .
  • IMSI International Mobile Station Identity
  • VO Visited Operator
  • the VO contacts the OHO 12 and asks for authentication vectors (AVs).
  • AVs authentication vectors
  • the HSS/AuC 13 returns the AVs, and the VO uses the received AVs to authenticate the M2M device.
  • the VO provides IP connectivity for the M2M device to be able to reach the DRF 14 .
  • the DRF aids the M2M device to find its new SHO 17 . This may be done by sending an OMA DM bootstrapping message 20 to the M2M device. This message also sets the device in a state that enables it to receive a new USIM.
  • the M2M device 11 then connects to the SHO 17 , which requests TRE validation credentials from the M2M device. These credentials are forwarded to the trusted third party PVA 16 .
  • the PVA validates the authenticity and integrity of the M2M device, and returns the status to the SHO.
  • the SHO Upon receiving a positive validation, the SHO prepares a new DLUSIM, encrypts it, and transfers it to the DP-SP 19 .
  • the DP-SP provisions a DLUSIM object to the M2M device, possibly by using the OMA DM protocol.
  • the M2M device provisions the downloaded DLUSIM into the TRE and reports the success/failure status of the provisioning to the DP-SP.
  • An embodiment of the present invention provides the device with the ability to authenticate that a provisioning of the device is actually initiated by the owner of the device.
  • the invention also provides the device with the ability to authenticate the Discovery and Registration Function (DRF) involved in a change of operator.
  • DRF Discovery and Registration Function
  • a device is configured with a device key K Device and a plurality of one-way functions enabling derivation of a key hierarchy.
  • K Device a device key
  • K Provision is used to download the DLUSIM.
  • different end-user services may request to set up secure end-to-end connections. This can be done by allowing the end-user services to download their specific clients onto the device. If this is done, it should be done only with the authorization from the device owner.
  • the key hierarchy can be used to achieve easier operator change and also to facilitate secure end-to-end service set-up.
  • K S h 1 ( K Device ,params)
  • K End-user service h 4 ( K Device ,params)
  • K S i+1 h 6 ( K S i ,params)
  • Two exemplary scenarios are when the device owner is an enterprise and when the device owner is a consumer.
  • An exemplary enterprise scenario is when the M2M device is contained in an Automatic Meter Reader.
  • An exemplary consumer scenario is when the M2M device is contained in a car.
  • the device owner may be an enterprise such as a utility company.
  • the enterprise server 21 may be a server at the utility company, which remotely reads individual electric meter devices 22 .
  • Each electric meter device includes an M2M device 31 (see FIG. 3 ) as a subset.
  • M2M device 31 see FIG. 3
  • the device owner may be an individual consumer.
  • the end-user service 23 is shown separately.
  • all key-management is handled in an invisible manner for the consumer.
  • the consumer has a Mobile Equipment (ME) 24 with a Secure Element (SE) 25 at his disposal.
  • ME Mobile Equipment
  • SE Secure Element
  • An SE is characterized in that internal data processing and data storage is not available to a user external to the SE. A user external to the SE can only access or provide data over an interface to the SE.
  • the ME may be the consumer's mobile phone, which controls a car sensor device 26 in the consumer's car.
  • the car sensor device also includes an M2M device 31 as a subset.
  • each manager of the device can receive the keys that allow the manager to perform its duties, and keys can be handled without any resemblance with each other. Yet the impact on the manufacturing process can be kept at a minimum with storage of only one key.
  • the key-deriving methods on the owner side can also be cost-effectively implemented.
  • FIG. 3 is a simplified block diagram of an M2M device 31 in an exemplary embodiment of the present invention.
  • the device owner is an enterprise
  • device keys can be deployed into a database, for example, by reading a CD or other medium.
  • the source of these device keys is the manufacturer.
  • the enterprise can derive the keys required for different purposes.
  • the M2M device 31 there must be support for the required one-way functions and access to the device key. There may also be functionality for updating the device with new key-deriving functions (or new set of parameters) to enable new usages throughout the lifetime of the device. Additionally, functionality for changing the device key (for example in the case of owner change) may also be implemented.
  • the M2M device 31 includes a Trusted Environment (TRE) 32 , a unit for application management (OMA DM) 33 , and an end-user application 34 .
  • Various management units within the TRE such as a TRE Management Unit 35 , a K Device Management Unit 36 , and a Downloadable USIM (DLUSIM) Management Unit 37 control the updating of the K Device 38 and generating of a DLUSIM 39 . Dotted lines represent outputs from the management units.
  • a Functions Unit 40 controls a set of functions for deriving other keys based on the K Device 38 and inputs from the TRE Management Unit 35 . These functions include:
  • K Provision ⁇ K PubM2ME , K PrivM2ME ⁇ for an M2M device.
  • the private key is installed in a TRE in the device.
  • the public key is distributed by some method to the owner.
  • K Device is used as an authenticator. This enables the M2M device to authenticate that the issuer of the command is in possession of the valid device key.
  • FIG. 4 is a simplified block diagram of an enterprise server 21 in an exemplary embodiment of the present invention.
  • the enterprise server is shown at a high level interacting with a software provisioning server, a SHO, and the electric meter device 22 .
  • FIG. 4 shows that the enterprise server includes management units similar to the M2M device 30 , namely, a K Device Management Unit 47 for updating K Device 38 , a Functions Unit 48 , a TRE Management Unit 49 , and a DLUSIM Management Unit 50 .
  • the DLUSIM Management Unit interfaces with a SHO handler 51 and a Device handler 52 to interact with the SHO and Device as shown in FIG. 2A .
  • the enterprise server also includes an Application Provisioning Unit 53 and an Application Unit 54 .
  • FIG. 5 is a simplified block diagram of a device owner's mobile equipment (ME) 24 in an exemplary embodiment of the present invention.
  • ME mobile equipment
  • SE secure element
  • FIG. 5 is a simplified block diagram of a device owner's mobile equipment (ME) 24 in an exemplary embodiment of the present invention.
  • SE secure element
  • the device owner is a consumer, it is natural to consider the consumer to download an application onto his secure element (SE) 25 on his ME, personalize this application with the device key, and then seamlessly interact with the different operators and service providers through this secure application which performs the key-management with the respective entities.
  • SE secure element
  • this application may for instance be installed via NFC in the car shop (or over the air if the mobile network operators allow it). So, the source of the device key is the manufacturer, but it can be delivered with the help of the retailer.
  • the functions contained in the SE are the same as the ones described in the Enterprise server, but the GUI (Operator/Device Management Application) 56 and other non-secret information such as end-user applications 57 may be located outside of the SE. In this way, no secret information ever leaves the SE.
  • FIG. 6 is an illustrative diagram illustrating a procedure for changing a device owner in an exemplary embodiment of the present invention. This procedure is shown in a message flow diagram in FIG. 7 .
  • the device key is handed over from the old owner to the new owner. In this case, it is desirable to change the device key.
  • the old owner might want to change the key before handing it over so that the new owner is unable to backtrack old management of the device.
  • the new owner may want to change the key after the handover to prevent the old owner from being able to issue new management commands.
  • FIG. 6 describes on a high level, a procedure in which an old owner (for example, a first utility company) 61 , which owns an M2M device 31 such as an electric metering device, sells and hands over the device key to a new owner such as a second utility company 62 .
  • an old owner for example, a first utility company
  • an M2M device 31 such as an electric metering device
  • the old owner's node 61 utilizes a public key of a public/private key pair shared with the M2M device to encrypt the currently active device key K Device 0 with a change command and a secret parameter known by the old owner's node, and sends a change device key command C 1 to the M2M device 31 .
  • the M2M device decrypts the command utilizing the private key of the public/private key pair and determines a device key K Device 0′ at step 64 .
  • the M2M device compares K Device 0 with K Device 0 to determine if they are equal. If not, the connection is dropped, and the device key remains the same. To avoid brute force attacks, it is prudent that the time between allowed attempts is regulated, and that the device key has sufficient length.
  • the M2M device calculates a new device key K Device 1 at step 65 using the currently active device key K Device 0 and the secret parameter received from the old owner's node.
  • the old owner's node also calculates the new device key K Device 1 at step 66 so that the new device key K Device 1 does not have to be transmitted over the air interface.
  • the old owner's node sends the new device key K Device 1 to the new owner's node 62 , preferably over a secure connection. This provides the new owner's node with control over the M2M device without disclosing the old device key, K Device 0 .
  • the new owner's node 62 utilizes the public key to encrypt the new device key K Device 1 with a change command and a secret parameter known by the new owner's node, and sends a change device key command C 2 to the M2M device 31 .
  • the M2M device decrypts the command utilizing the private key and determines a device key K Device 1′ at step 69 .
  • the M2M device compares K Device 1′ with K Device 1 to determine if they are equal and if so, the M2M device calculates a new device key K Device 2 using the new device key K Devica 1 and the secret parameter received from the new owner's node.
  • the new owner's node also calculates the new device key K Device 2 at step 71 so that the new device key K Device 2 does not have to be transmitted over the air interface.
  • all commands are protected by the asymmetric key K Provision , which is not known outside of the TRE 32 of the M2M device, and therefore the new K Device 2 is impossible for the old owner to retrieve.
  • This scenario is also applicable, for example, when ownership of a car is transferred between an old owner and a new owner.
  • an operator change is performed without explicitly sending a USIM or a subscriber key over the air to the device.
  • a change of operator is performed by the old operator handing over the subscriber key to the new operator.
  • the old and the new operator would like to be able to change the keys to protect themselves against the other operator.
  • FIG. 8 is a message flow diagram illustrating a procedure for changing an operator from an old operator (OHO) 81 to a new operator (SHO) 82 with the change of a subscriber key in an exemplary embodiment of the present invention.
  • FIG. 9 is a message flow diagram illustrating in more detail the procedure of FIG. 8 . With reference to FIGS. 8 and 9 , the procedure will be explained.
  • K S 0 a subscriber key
  • K S 0 an authentication key
  • K Auth 0 an authentication key
  • the owner 83 of the M2M device creates a new subscription with the new operator 82
  • the first key, K Auth 1 is used to authenticate the change of the subscriber key at start of the subscription period.
  • K Auth 2 for the new operator and K Auth 0 for the old operator is used to change the key before handing over the device to a new operator.
  • the owner may send the authentication keys to the new operator in a subscription registration message at 85 , and the new operator informs the old operator at step 86 that the new operator has a new subscription with the M2M device.
  • the owner may only provide K Auth 2 to the new operator at the time of operator change. In this way, the operators do not have to store K Auth 2 for the entire subscription period of the device.
  • the old operator 81 utilizes the public key to encrypt K Auth 0 with a change command and a secret parameter known by the old operator, and sends a change subscription key command C 1 to the M2M device 31 .
  • the old operator then calculates the new subscriber key K S 1 at step 89 so that the new subscriber key K S 1 does not have to be transmitted over the air interface.
  • the old operator sends the new subscriber key K S 1 to the new operator, preferably over a secure connection.
  • the old operator then orders the M2M device to change its IMSI via OTA.
  • the new operator 82 utilizes the public key to encrypt K Auth 1 with a change command and a secret parameter known by the old operator, and sends a change subscription key command C 2 to the M2M device.
  • the owner 83 initiates the process, and then the old operator 81 takes over, changes the subscription key, and informs the new operator 82 .
  • the new operator then again changes the subscription key, after or before which the new operator may have made a validation of the M2M device. It is important that the device is always placed in an HSS with the correct IMSI and K S . This information can be put in the HSS before the change of subscription key is made, as shown in FIG. 8 .
  • owner and operator are both changed.
  • the new owner may also like to switch the operator.
  • the new owner should make sure that he has updated the device key before he contacts the newly selected operator and initiates the switch.
  • FIG. 10 is a message flow diagram illustrating a procedure for downloading a new DLUSIM as an encrypted blob in an exemplary embodiment of the present invention.
  • the enterprise server is more actively involved in downloading the new DLUSIM as an encrypted blob. This has the positive effect that the SHO can utilize any algorithm it wants for key-generation, and specifically, that it is not forced to use MILENAGE. It is also easy to have more than a *SIM in the device at one time.
  • the M2M Device 31 is attached to the old home operator's (OHO) network 81 .
  • the owner registers at a new Selected Home Operator (SHO) 82 and transfers the K Auth as defined above and shown in FIGS. 2A and 2B .
  • the M2M Device receives a bootstrapping message instructing the M2M Device to connect to the new SHO's provisioning service.
  • the bootstrapping message may include an address of the SHO and an authentication nonce.
  • This bootstrapping message may be sent from the owner 83 , the SHO 82 , or from the OHO 81 . In FIG. 10 , the bootstrapping message is sent from the owner 83 .
  • the new SHO and PVA 16 validate the M2M Device TRE 32 when the M2M Device attempts to connect to the provisioning service.
  • a new USIM is generated and encrypted with the K Provision .
  • the new USIM is downloaded as an encrypted blob to the M2M Device from the OMA DM provsioning server 19 , which may show knowledge of K Auth in this step.
  • the device re-attaches to the new SHO 82 .
  • the carrier for both the bootstrapping message and for the DLUSIM blob may be OMA DM.
  • the authentication nonce in the bootstrapping message is based on K Auth .
  • the bootstrapping message may include either a certificate identifying the new SHO, or there may be a K Auth also in the encrypted DLUSIM blob.
  • the USIM is never revealed in a decrypted state outside of the TRE, and preferably K Auth is not revealed outside of the TRE either.
  • the OMA DM client may be located outside of the TRE, and thus in another embodiment, K Auth is not coupled to OMA DM.
  • K Auth may be used either as a password or the basis of a password, which is included in the encrypted blob as a parameter, or K Auth can be used as a integrity protection key such as the key used in a MAC used to protect the encrypted blob.
  • K Auth may be utilized by the OMA DM server, but there are other setups where this is less appropriate.
  • One example is when the OMA DM server is not positioned in the new SHO network. In this case, the operator may apply K Auth and confidentiality protection before handing the encrypted SIM over to the third party supplying the OMA DM service.
  • OMA DM is preferred as the carrier of a DLUSIM, and it is hence preferred to use the OMA DM Mgmt Tree to organize these changes.
  • the OMA DM client (which is the engine using the OMA DM Mgmt Tree) is not the sole entity involved in the management of the DLUSIM.
  • the OMA DM Mgmt Tree should look correct.
  • the OMA DM engine's security should be based on K Device for other management changes.
  • ACL Access Control List
  • the ⁇ device.owner> mgmt server may be authenticated by a K Application Provisioning . It is also acceptable if this same key or derivations of it are used for authenticating other parts of the OMA DM Mgmt Tree.
  • the K Application provisioning can of course also be calculated by the TRE. So in principle, the TRE can manage the SEMO in the OMA DM Mgmt Tree itself.
  • K TRE management also derived from K Device , is used in a similar fashion as in the DLUSIM download mechanism described above. This setup gives the device owner the final say in what is happening in his device, but allows the operators to check and verify that no other DLUSIMs are installed in the device, and also to securely manage their own objects.
  • the K End-user service may, for example, be K S-NAF as defined in the 3GPP GBA standard; and the K Device functions as K.
  • the ME function as the Bootstrapping Server Function (BSF) in the consumer case.
  • BSF Bootstrapping Server Function

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Telephonic Communication Services (AREA)

Abstract

A system, method, and owner node for securely changing a mobile device from an old owner to a new owner, or from an old operator network to a new operator network. The old owner initiates the change of owner or operator. The old owner or operator then commands the mobile device to change a currently active first key to a second key. The second key is then transferred to the new owner or operator. The new owner or operator then commands the mobile device to change the second key to a third key for use between the mobile device and the new owner or operator. Upon completion of the change, the new owner or operator does not know the first key in use before the change, and the old owner does not know the third key in use after the change.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS
This application claims the benefit of U.S. Provisional Application No. 61/108,994 filed Oct. 28, 2008, the contents of which are incorporated by reference herein.
STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT
Not Applicable
REFERENCE TO SEQUENCE LISTING, A TABLE, OR A COMPUTER PROGRAM LISTING COMPACT DISC APPENDIX
Not Applicable
BACKGROUND
The present invention relates to radio telecommunication systems. More particularly, and not by way of limitation, the present invention is directed to an apparatus and method for remote initial provisioning of Universal Subscriber Identity Modules (USIMs) and subsequent changing of an operator.
There is currently an ongoing study item in 3GPP targeting to create an architecture and solution for remote initial provisioning of USIMs and subsequent changing of an operator. The study is reported in the technical report, 3GPP TR 33.812, version 1.3.0. Remotely manageable USIMs are considered for Machine-to-machine (M2M) communication, i.e., communication between devices without user interaction.
A typical use case for an M2M device is electric metering. In this case, an electric supplier company installs automatic metering devices that report the amount of consumed electricity back to the billing department via a 3GPP network. Since millions of such devices may be installed, remote management of subscriptions would greatly reduce costs, for example, in the case of a change of subscription. In this use case, the end user and the owner of the devices is an enterprise with a large number of devices in the field. Thus, it is likely that the owner will have its own servers that can manage the devices.
Another use case is for built-in terminals in cars. In this case it is a single owner of the car that would like to control which telecommunication operator the car is using, and also the services to which the car is attached such as insurance service, maintenance services, and road toll services. In this use case, it is envisioned that a car owner's mobile terminal could function as the enterprise server above, containing all the necessary intelligence to manage the car.
The existing 3GPP architecture and remotely managed procedure for provisioning an M2M device is complex and still leaves security gaps.
There is no solution for how to simplify the process of changing the operator, and how to couple that process to secure service set-up. Under existing procedures, at manufacture time, a Platform Validation Authority (PVA) certificate is installed as a trusted certificate in a M2ME device. However, all operators with a certificate signed by the PVA are able to perform a valid provisioning of the M2M device. This creates the problem commonly referred to as slamming, i.e., illegal changing of subscribers telephone service without their consent.
From an operator's perspective it is also important that the discovery function through which the device discovers its new Selected Home Operator (SHO) is authenticated by the device. An unauthenticated rouge discovery function could divert a large number of M2M devices to connect to some operator's network, causing a denial-of-service attack on the network.
Current devices use a SIM/USIM card to provide the TRE, and one method of changing the operator is to physically replace the SIM/USIM card. However, some devices are unattended, so physically changing the SIM/USIM card is difficult. Also, just because a person has physical access to the device does not mean that person has the right to change the operator.
There is currently no flexible authentication mechanism to prevent these types of attacks and drawbacks associated with the prior art.
SUMMARY
An embodiment of the present invention provides the device with the ability to authenticate that a provisioning of the device is actually initiated by the owner of the device. The invention also provides the device with the ability to authenticate the Discovery and Registration Function (DRF) involved in a change of operator.
There is need for multiple keys in the process of provisioning Downloadable USIMs (DLUSIMs) and the subsequent change of operator. In the provisioning phase a symmetric key KPIMSI is first used to give initial air time, and following this, an asymmetric (or in some cases, symmetric) key KProvision is used to download the DLUSIM. When the operator is changed, a new KPIMSI may be needed, and the invention provides the ability to send a command to the remote device to authorize the change of operator. Also, throughout the life-cycle of the device, different end-user services may request to set up secure end-to-end connections. This can be done by allowing the end-user services to download their specific clients onto the device. If this is done, it should be done only with the authorization from the device owner. According to the invention the key hierarchy can be used to achieve easier operator change and also to facilitate secure end-to-end service set-up.
According to embodiments of the invention, a device is configured with a device key KDevice and a plurality of one-way functions enabling derivation of a key hierarchy. By introducing a KDevice (and making some keys derivable from this) the management activities are simplified. The present invention derives all other keys from this single KDevice with one-way functions known to the device and device owner, denoted by hi( ), 0≦i≦6. By introducing one device key, the invention also simplifies the device-manufacturing process and the usability for the end-user, independent of whether the end-user is an enterprise or a consumer. It is also much easier to let the device change its purpose over time.
To enable this key management scheme, where a manager of the device (most commonly the owner of the device, but this may in different scenarios be also outsourced to another entity or be taken up by a user trusted by the owner) has the final control of the device, the invention provides a method for updating the device key and for changing a subscriber key.
Further, the invention provides a modified M2M device and owner node. According to exemplary embodiments, the owner node is implemented as an enterprise server or as a mobile entity (ME).
Characteristic features of the invention relate to a key-hierarchy extending the DLUSIM framework to also cover general M2M applications and incorporating it into the general Open Mobile Alliance Device Management (OMA DM) framework. A further extension relates to how to change KDevice, and how to change the subscription key without sending it over the cellular channel.
Thus, in one embodiment, the present invention is directed to a method of securely changing control of a device from an old manager to a new manager, wherein the device obeys commands from a manager only if the commands include a device key known to the device. The method includes the steps of initiating the change of control by the old manager, the initiating step including changing a first device key in use between the old manager and the device to a second device key, and sending the second device key from the old manager to the new manager, preferably over a secure connection. The method also includes completing the change of control by the new manager, the completing step including changing the second device key in use between the new manager and the device to a third device key. Upon completion of the change of control, the new manager does not know the first device key and the old manager does not know the third device key.
In another embodiment, the present invention is directed to a method of securely changing a communication device from an old operator to a new operator, wherein the communication device has a subscription key and obeys commands from an operator only if the commands include an authentication key known to the communication device. The method includes the steps of initiating the change of operator by a manager of the communication device; in response to the initiating step, changing a first subscription key in use between the old operator and the communication device to a second subscription key; sending the second subscription key from the old operator to the new operator; and completing the change of operator by the new operator. The completing step includes changing the second subscription key in use between the new operator and the communication device to a third subscription key. Upon completion of the change of operator, the new operator does not know the first subscription key and the old operator does not know the third subscription key.
In another embodiment, the present invention is directed to a first owner node in a telecommunication network for securely changing ownership of a communication device from the first owner node to a second owner node, wherein the communication device obeys commands from owner nodes only if the commands include a device key known to the communication device. The first owner node includes communication means for sending a command to the communication device to change a currently active device key to a new device key, the command including the currently active device key and a secret parameter known by the first owner node; means for calculating the new device key utilizing the currently active device key and the secret parameter; and communication means for sending the new device key to the second owner node.
In another embodiment, the present invention is directed to a second owner node in a telecommunication network for securely obtaining ownership of a communication device from a first owner node, wherein the communication device obeys commands from owner nodes only if the commands include a device key known to the communication device. The second owner node includes communication means for receiving from the first owner node, a currently active device key for the communication device; communication means for sending a command to the communication device to change the currently active device key to a new device key, the command including the currently active device key and a secret parameter known by the second owner node; and means for calculating the new device key utilizing the currently active device key and the secret parameter.
In another embodiment, the present invention is directed to a system for securely changing a communication device from an old operator network to a new operator network, wherein the communication device has a subscription key and obeys commands from an operator network only if the commands include an authentication key known to the communication device. The system includes an owner node of the communication device for initiating the change of operator network by sending a subscription registration message to the new operator network, the subscription registration message including first and second authentication keys and an identifier of the communication device; communication means within the new operator network for sending a notification to the old operator network indicating that the new operator network has a new subscription with the communication device; and communication means within the old operator network for sending a command to the communication device to change a currently active first subscription key to a second subscription key, the command including a currently active authentication key and a secret parameter known by the old operator network. The system also includes means within the communication device for calculating the second subscription key utilizing the first subscription key and the secret parameter received from the old operator network; means within the old operator network for calculating the second subscription key; and communication means within the old operator network for sending the second subscription key to the new operator network. The system also includes communication means within the new operator network for sending a command to the communication device to change the second subscription key to a third subscription key, the command including the first authentication key received from the owner node and a secret parameter known by the new operator network; means within the communication device for calculating the third subscription key utilizing the second subscription key and the secret parameter received from the new operator network; and means within the new operator network for calculating the third subscription key.
In another embodiment, the present invention is directed to a method of downloading a new Downloadable Universal Subscriber Identity Module (DLUSIM) to a communication device while changing the communication device from a first operator network to a second operator network. The method begins by a manager of the communication device registering with the second operator network, wherein the registering step includes transferring KAuth to the second operator network. The communication device then receives a bootstrapping message instructing the device to connect to a provisioning service of the new operator network, wherein the bootstrapping message includes an address of the provisioning service of the new operator network and an authentication nonce. The new operator network then validates the communication device when the communication device attempts to connect to the provisioning service. This is followed by the second operator network generating a new DLUSIM and encrypting the DLUSIM with KProvision; and downloading the DLUSIM as an encrypted blob to the communication device from an Open Mobile Alliance Device Management (OMA DM) provisioning server in the second operator network. The communication device then attaches to the second operator network utilizing the new DLUSIM.
BRIEF DESCRIPTION OF THE DRAWINGS
In the following section, the invention will be described with reference to exemplary embodiments illustrated in the figures, in which:
FIG. 1 is a high level message flow diagram illustrating an existing architecture and remotely managed procedure for changing an operator for an M2M device;
FIGS. 2A-2B are simplified block diagrams illustrating two deployment scenarios according to the teachings of the present invention;
FIG. 3 is a simplified block diagram of an M2M device in an exemplary embodiment of the present invention;
FIG. 4 is a simplified block diagram of an enterprise server in an exemplary embodiment of the present invention;
FIG. 5 is a simplified block diagram of a device owner's mobile equipment (ME) in an exemplary embodiment of the present invention;
FIG. 6 is a message flow diagram illustrating a procedure for changing a device owner in an exemplary embodiment of the present invention;
FIG. 7 is a message flow diagram illustrating a procedure for changing a device key before and after a change of owner in an exemplary embodiment of the present invention;
FIG. 8 is a message flow diagram illustrating a procedure for changing an operator with the change of a subscriber key in an exemplary embodiment of the present invention;
FIG. 9 is a message flow diagram illustrating in more detail the procedure for changing an operator in an exemplary embodiment of the present invention; and
FIG. 10 is a message flow diagram illustrating a procedure for downloading a new DLUSIM as an encrypted blob in an exemplary embodiment of the present invention.
 DETAILED DESCRIPTION
FIG. 1 is a high level message flow diagram illustrating an existing architecture and remotely managed procedure for changing an operator for an M2M device 11. An Old Home Operator (OHO) 12, which includes a Home Subscriber Server/Authentication Center (HSS/AuC) 13 and a Discovery and Registration Function (DRF) 14, provides the M2M device with initial network IP connectivity, possibly via a roaming partner called the Visited Operator (VO) 15. Thus, the VO provides the air interface to the M2M device in this scenario. Additionally there is assumed to be a trusted third party called the Platform Validation Authority (PVA) 16. The PVA issues certificates for all entities in the structure and can validate the Trusted Execution Environment (TRE) of the M2M device. Also illustrated is a Selected Home Operator (SHO) 17, which includes an HSS/AuC 18 and a provisioning server (DP-SP) 19.
The M2M device 11 uses the standard GSM/UMTS procedures (GPRS/PS) to decode network information, and attaches to the network of any mobile network operator. In the attach message, the M2M device sends its International Mobile Station Identity (IMSI) to the chosen operator, referred to as the Visited Operator (VO) 15. The VO contacts the OHO 12 and asks for authentication vectors (AVs). The HSS/AuC 13 returns the AVs, and the VO uses the received AVs to authenticate the M2M device.
If authentication of the M2M device by the VO is successful, the VO provides IP connectivity for the M2M device to be able to reach the DRF 14. The DRF aids the M2M device to find its new SHO 17. This may be done by sending an OMA DM bootstrapping message 20 to the M2M device. This message also sets the device in a state that enables it to receive a new USIM. The M2M device 11 then connects to the SHO 17, which requests TRE validation credentials from the M2M device. These credentials are forwarded to the trusted third party PVA 16. The PVA validates the authenticity and integrity of the M2M device, and returns the status to the SHO. Upon receiving a positive validation, the SHO prepares a new DLUSIM, encrypts it, and transfers it to the DP-SP 19. The DP-SP provisions a DLUSIM object to the M2M device, possibly by using the OMA DM protocol. The M2M device provisions the downloaded DLUSIM into the TRE and reports the success/failure status of the provisioning to the DP-SP.
As noted above, this existing remotely managed procedure for provisioning an M2M device is complex and still leaves security gaps. An embodiment of the present invention provides the device with the ability to authenticate that a provisioning of the device is actually initiated by the owner of the device. The invention also provides the device with the ability to authenticate the Discovery and Registration Function (DRF) involved in a change of operator.
According to embodiments of the invention, a device is configured with a device key KDevice and a plurality of one-way functions enabling derivation of a key hierarchy. There is a need for multiple keys in the process of provisioning DLUSIMs and the subsequent change of operator. In the provisioning phase a symmetric key KPIMSI is first used to give initial air time, and following this, an asymmetric (or in some cases symmetric, although most of this text will assume an asymmetric key) KProvision is used to download the DLUSIM. When the operator is changed, a new KPIMSI is needed, and the invention provides the ability to send a command to the remote device to authorize the change of operator.
Also, throughout the life-cycle of the device, different end-user services may request to set up secure end-to-end connections. This can be done by allowing the end-user services to download their specific clients onto the device. If this is done, it should be done only with the authorization from the device owner. According to the invention the key hierarchy can be used to achieve easier operator change and also to facilitate secure end-to-end service set-up.
By introducing a KDevice, and deriving other keys from this, the management activities are simplified. In the present invention, all keys are derived from this single key with known one-way functions, denoted by hi( ), 0≦i≦6.
In an exemplary embodiment, the following relationships are established:
Update of the device key:
K Device i+1 =h 0(K Device i,params)
Calculate a subscriber key (both KPIMSI and key used by USIM):
K S =h 1(K Device,params)
Calculate Trusted Environment management key (to update functions used by the TRE, also DLUSIM mgmt app):
K TRE management =h 2(K Device,params)
Calculate operator change authentication key (to authenticate change of subscriber key):
K Auth =h 3(K Device,params)
Calculate end-user-service key (to authenticate an end-user application to the M2M device similar to GBA, can also be used as the application provisioning key):
K End-user service =h 4(K Device,params)
Calculate application provisioning key (to manage applications outside of the TRE, may be derived in the same way as the end-user-service key):
K Application provisioning =h 5(K Device,params)
Additionally, the following one-way function may be used to update the subscriber key in a USIM:
K S i+1 =h 6(K S i,params)
The parameters are different from key to key, but may include a sequence number, operator identifiers, or other additional data used to bind the key to a specific situation, session, or purpose. In some cases it may be beneficial to use the same one-way function for all derivations, i.e., hi(x)=h(x), 0≦i≦6. In such a scenario the parameters taken as input must be arranged such that collisions of inputs are avoided.
There are different scenarios during which the device being remotely managed for DLUSIM can be deployed. Two exemplary scenarios are when the device owner is an enterprise and when the device owner is a consumer. An exemplary enterprise scenario is when the M2M device is contained in an Automatic Meter Reader. An exemplary consumer scenario is when the M2M device is contained in a car.
FIGS. 2A-2B are simplified block diagrams illustrating at a high level, an enterprise deployment scenario and a consumer deployment scenario, respectively, according to the teachings of the present invention. The dotted arrows indicate a secure transferal of keys, and the full lines indicate a usage of keys. Note that there are no transferals of keys to the device (and hence not over the cellular interface). These two cases differ in the amount of resources that are assumed on the owner side.
Referring to FIG. 2A, in the enterprise deployment case, the device owner may be an enterprise such as a utility company. In such an example, the enterprise server 21 may be a server at the utility company, which remotely reads individual electric meter devices 22. Each electric meter device includes an M2M device 31 (see FIG. 3) as a subset. In the enterprise case, it can be assumed that the enterprise owns its own server 21, and the end-user service actually ends there.
Referring to FIG. 2B, in the consumer case, the device owner may be an individual consumer. In the case with a consumer as an end-user, it cannot be assumed that the consumer owns the server. Thus, the end-user service 23 is shown separately. Preferably, all key-management is handled in an invisible manner for the consumer. It can be assumed, however, that the consumer has a Mobile Equipment (ME) 24 with a Secure Element (SE) 25 at his disposal. An SE is characterized in that internal data processing and data storage is not available to a user external to the SE. A user external to the SE can only access or provide data over an interface to the SE. The ME may be the consumer's mobile phone, which controls a car sensor device 26 in the consumer's car. The car sensor device also includes an M2M device 31 as a subset.
With a standardized method of deriving keys, each manager of the device (SHO 27, End-user service 23, and Software Provisioning Server 28) can receive the keys that allow the manager to perform its duties, and keys can be handled without any resemblance with each other. Yet the impact on the manufacturing process can be kept at a minimum with storage of only one key. The key-deriving methods on the owner side can also be cost-effectively implemented.
FIG. 3 is a simplified block diagram of an M2M device 31 in an exemplary embodiment of the present invention. When the device owner is an enterprise, device keys can be deployed into a database, for example, by reading a CD or other medium. The source of these device keys is the manufacturer. Using pre-installed software, the enterprise can derive the keys required for different purposes.
On the M2M device 31, there must be support for the required one-way functions and access to the device key. There may also be functionality for updating the device with new key-deriving functions (or new set of parameters) to enable new usages throughout the lifetime of the device. Additionally, functionality for changing the device key (for example in the case of owner change) may also be implemented.
The original device key may be provided as a software key on a storage medium whereby a new key derived from the original key may overwrite the original key or be stored on a separate storage medium. The original device key may also be provided as a hard-coded key, and an actual device key may be derived from the original hard coded key and stored on a storage medium.
The M2M device 31 includes a Trusted Environment (TRE) 32, a unit for application management (OMA DM) 33, and an end-user application 34. Various management units within the TRE such as a TRE Management Unit 35, a KDevice Management Unit 36, and a Downloadable USIM (DLUSIM) Management Unit 37 control the updating of the K Device 38 and generating of a DLUSIM 39. Dotted lines represent outputs from the management units.
The KDevice Management Unit 36 utilizes the existing K Device 38 and inputs, for example from an owner node, to update KDevice utilizing: KDevice 1+1=h0(KDevice i, params).
A Functions Unit 40 controls a set of functions for deriving other keys based on the K Device 38 and inputs from the TRE Management Unit 35. These functions include:
    • A KAuth Unit 41 for calculating an operator change authentication key to authenticate a change of subscriber key utilizing: KAuth=h3 (KDevice, params).
    • A KS Unit 42 for calculating a subscriber key (both KPIMSI and the key used by the USIM) utilizing: KS=h1(KDevice, params).
    • A KTRE management Unit 43 for calculating a Trusted Environment management key to update functions used by the TRE and the DLUSIM Management Unit utilizing: KTRE management=h2(KDevice, params).
    • A KApplication provisioning Unit 44 for calculating an application provisioning key to manage applications 33 outside of the TRE. The application provisioning key may be derived in the same way as the end-user-service key utilizing: KApplication provisioning=h5(KDevice, params).
    • A KEnd-user Application Unit 45 for calculating an end-user-service key to authenticate an end-user application to the M2M device similar to the Generic Bootstrapping Architecture (GBA) utilizing KEnd-user service=h4(KDevice, params). The end-user service key can also be used as the application provisioning key.
    • A one-way function for updating the subscriber key in a USIM utilizing: KS i+1=h6(KS i, params).
It is assumed that a trusted third party has issued an asymmetric key KProvision {KPubM2ME, KPrivM2ME} for an M2M device. The private key is installed in a TRE in the device. The public key is distributed by some method to the owner. An encryption of a message m, using the public key Kpub, is denoted as c=EKPub(m); similarly decryption using the private key, KPriv, is denoted by m=DKPriv(c). KDevice is used as an authenticator. This enables the M2M device to authenticate that the issuer of the command is in possession of the valid device key.
FIG. 4 is a simplified block diagram of an enterprise server 21 in an exemplary embodiment of the present invention. Referring back to FIG. 2A, the enterprise server is shown at a high level interacting with a software provisioning server, a SHO, and the electric meter device 22. FIG. 4 shows that the enterprise server includes management units similar to the M2M device 30, namely, a KDevice Management Unit 47 for updating K Device 38, a Functions Unit 48, a TRE Management Unit 49, and a DLUSIM Management Unit 50. The DLUSIM Management Unit interfaces with a SHO handler 51 and a Device handler 52 to interact with the SHO and Device as shown in FIG. 2A. The enterprise server also includes an Application Provisioning Unit 53 and an Application Unit 54.
FIG. 5 is a simplified block diagram of a device owner's mobile equipment (ME) 24 in an exemplary embodiment of the present invention. When the device owner is a consumer, it is natural to consider the consumer to download an application onto his secure element (SE) 25 on his ME, personalize this application with the device key, and then seamlessly interact with the different operators and service providers through this secure application which performs the key-management with the respective entities. In the case of the M2M device being a car, this application may for instance be installed via NFC in the car shop (or over the air if the mobile network operators allow it). So, the source of the device key is the manufacturer, but it can be delivered with the help of the retailer.
The functions contained in the SE are the same as the ones described in the Enterprise server, but the GUI (Operator/Device Management Application) 56 and other non-secret information such as end-user applications 57 may be located outside of the SE. In this way, no secret information ever leaves the SE.
FIG. 6 is an illustrative diagram illustrating a procedure for changing a device owner in an exemplary embodiment of the present invention. This procedure is shown in a message flow diagram in FIG. 7. In the case of an owner change of a device, the device key is handed over from the old owner to the new owner. In this case, it is desirable to change the device key. The old owner might want to change the key before handing it over so that the new owner is unable to backtrack old management of the device. Likewise, the new owner may want to change the key after the handover to prevent the old owner from being able to issue new management commands.
FIG. 6 describes on a high level, a procedure in which an old owner (for example, a first utility company) 61, which owns an M2M device 31 such as an electric metering device, sells and hands over the device key to a new owner such as a second utility company 62. With reference to FIGS. 6 and 7, the procedure will be explained.
At step 63, the old owner's node 61 utilizes a public key of a public/private key pair shared with the M2M device to encrypt the currently active device key KDevice 0 with a change command and a secret parameter known by the old owner's node, and sends a change device key command C1 to the M2M device 31. The M2M device decrypts the command utilizing the private key of the public/private key pair and determines a device key KDevice 0′ at step 64. At step 65, the M2M device compares KDevice 0 with KDevice 0 to determine if they are equal. If not, the connection is dropped, and the device key remains the same. To avoid brute force attacks, it is prudent that the time between allowed attempts is regulated, and that the device key has sufficient length.
If KDevice 0′ is equal to KDevice 0, the M2M device calculates a new device key KDevice 1 at step 65 using the currently active device key KDevice 0 and the secret parameter received from the old owner's node. The old owner's node also calculates the new device key KDevice 1 at step 66 so that the new device key KDevice 1 does not have to be transmitted over the air interface. At step 67, the old owner's node sends the new device key KDevice 1 to the new owner's node 62, preferably over a secure connection. This provides the new owner's node with control over the M2M device without disclosing the old device key, KDevice 0.
At step 68, the new owner's node 62 utilizes the public key to encrypt the new device key KDevice 1 with a change command and a secret parameter known by the new owner's node, and sends a change device key command C2 to the M2M device 31. The M2M device decrypts the command utilizing the private key and determines a device key KDevice 1′ at step 69. At step 70, the M2M device compares KDevice 1′ with KDevice 1 to determine if they are equal and if so, the M2M device calculates a new device key KDevice 2 using the new device key KDevica 1 and the secret parameter received from the new owner's node. The new owner's node also calculates the new device key KDevice 2 at step 71 so that the new device key KDevice 2 does not have to be transmitted over the air interface. Note that all commands are protected by the asymmetric key KProvision, which is not known outside of the TRE 32 of the M2M device, and therefore the new KDevice 2 is impossible for the old owner to retrieve. This scenario is also applicable, for example, when ownership of a car is transferred between an old owner and a new owner.
According to a second exemplary embodiment, an operator change is performed without explicitly sending a USIM or a subscriber key over the air to the device.
According to the invention, a change of operator is performed by the old operator handing over the subscriber key to the new operator. However, as in the previous embodiment, the old and the new operator would like to be able to change the keys to protect themselves against the other operator.
FIG. 8 is a message flow diagram illustrating a procedure for changing an operator from an old operator (OHO) 81 to a new operator (SHO) 82 with the change of a subscriber key in an exemplary embodiment of the present invention. FIG. 9 is a message flow diagram illustrating in more detail the procedure of FIG. 8. With reference to FIGS. 8 and 9, the procedure will be explained.
It is assumed that a subscriber key, KS 0, is installed in the M2M device 31, and the old operator 81 is in possession of an authentication key, KAuth 0. When the owner 83 of the M2M device creates a new subscription with the new operator 82, the owner derives at least two authentication keys {KAuth 1, KAuth 2} from KDevice according to KAuth=h3(KDevice, params) at step 84. The first key, KAuth 1, is used to authenticate the change of the subscriber key at start of the subscription period. The second key, KAuth 2 for the new operator and KAuth 0 for the old operator, is used to change the key before handing over the device to a new operator. In one embodiment, the owner may send the authentication keys to the new operator in a subscription registration message at 85, and the new operator informs the old operator at step 86 that the new operator has a new subscription with the M2M device. Of course information may be sent between the entities in different ways due to different setups. For example, the owner may only provide KAuth 2 to the new operator at the time of operator change. In this way, the operators do not have to store KAuth 2 for the entire subscription period of the device.
At step 87, the old operator 81 utilizes the public key to encrypt KAuth 0 with a change command and a secret parameter known by the old operator, and sends a change subscription key command C1 to the M2M device 31. The M2M device verifies the command at step 88, and if the currently active authentication key KAuth 0 is correct, the M2M device calculates a new subscription key KS 1 according to KS 1=h6(KS 0, secret). The old operator then calculates the new subscriber key KS 1 at step 89 so that the new subscriber key KS 1 does not have to be transmitted over the air interface. At step 90, the old operator sends the new subscriber key KS 1 to the new operator, preferably over a secure connection. At step 91, the old operator then orders the M2M device to change its IMSI via OTA.
At step 92, the new operator 82 utilizes the public key to encrypt KAuth 1 with a change command and a secret parameter known by the old operator, and sends a change subscription key command C2 to the M2M device. At step 93, the M2M device derives a value for KAUTH 1′ according to (KAUTH 1′, ChangeKSECMD, Secret)=DKprivM2ME(C2). At step 94, the M2M device then verifies that KAuth 1′=h3(KDevice 0,param1) and if so, the M2M device calculates a new subscription key KS 2 according to KS 2=h6(KS 1, secret). The new operator then calculates the new subscriber key KS 2 at step 95 so that the new subscriber key KS 2 does not have to be transmitted over the air interface.
It can be seen that the owner 83 initiates the process, and then the old operator 81 takes over, changes the subscription key, and informs the new operator 82. The new operator then again changes the subscription key, after or before which the new operator may have made a validation of the M2M device. It is important that the device is always placed in an HSS with the correct IMSI and KS. This information can be put in the HSS before the change of subscription key is made, as shown in FIG. 8.
To be able to calculate the resulting key after a run of the key update procedure, an attacker needs to have knowledge of both the previous subscriber key stored in the TRE 32, and the secret sent by the operator. An attempt to change the subscriber key without an included valid authentication key, KAuth, results in an aborted procedure. The current authentication key should still remain active, as switching to the next would risk synchronization issues and denial-of-service attacks.
According to still another embodiment, owner and operator are both changed. In the case of an owner change of device, the new owner may also like to switch the operator. In this scenario, it is important to avoid updating a device key and a subscriber key simultaneously. This might result in derived keys that are different on the device and the operator side. The new owner should make sure that he has updated the device key before he contacts the newly selected operator and initiates the switch.
FIG. 10 is a message flow diagram illustrating a procedure for downloading a new DLUSIM as an encrypted blob in an exemplary embodiment of the present invention. According to this embodiment, the enterprise server is more actively involved in downloading the new DLUSIM as an encrypted blob. This has the positive effect that the SHO can utilize any algorithm it wants for key-generation, and specifically, that it is not forced to use MILENAGE. It is also easy to have more than a *SIM in the device at one time.
Initially, the M2M Device 31 is attached to the old home operator's (OHO) network 81. At step 101 the owner registers at a new Selected Home Operator (SHO) 82 and transfers the KAuth as defined above and shown in FIGS. 2A and 2B. At step 102, the M2M Device receives a bootstrapping message instructing the M2M Device to connect to the new SHO's provisioning service. The bootstrapping message may include an address of the SHO and an authentication nonce. This bootstrapping message may be sent from the owner 83, the SHO 82, or from the OHO 81. In FIG. 10, the bootstrapping message is sent from the owner 83. At step 103, the new SHO and PVA 16 validate the M2M Device TRE 32 when the M2M Device attempts to connect to the provisioning service. At step 104, a new USIM is generated and encrypted with the KProvision. At step 105, the new USIM is downloaded as an encrypted blob to the M2M Device from the OMA DM provsioning server 19, which may show knowledge of KAuth in this step. At step 106, the device re-attaches to the new SHO 82.
The carrier for both the bootstrapping message and for the DLUSIM blob may be OMA DM. In the above, it is assumed that the authentication nonce in the bootstrapping message is based on KAuth. Also, the bootstrapping message may include either a certificate identifying the new SHO, or there may be a KAuth also in the encrypted DLUSIM blob.
Preferably, the USIM is never revealed in a decrypted state outside of the TRE, and preferably KAuth is not revealed outside of the TRE either. From an implementation perspective, the OMA DM client may be located outside of the TRE, and thus in another embodiment, KAuth is not coupled to OMA DM. KAuth may be used either as a password or the basis of a password, which is included in the encrypted blob as a parameter, or KAuth can be used as a integrity protection key such as the key used in a MAC used to protect the encrypted blob.
On the server side, KAuth may be utilized by the OMA DM server, but there are other setups where this is less appropriate. One example is when the OMA DM server is not positioned in the new SHO network. In this case, the operator may apply KAuth and confidentiality protection before handing the encrypted SIM over to the third party supplying the OMA DM service.
The various embodiments described herein may use OMA DM functionality to implement the various functional steps. OMA DM is preferred as the carrier of a DLUSIM, and it is hence preferred to use the OMA DM Mgmt Tree to organize these changes. However, the OMA DM client (which is the engine using the OMA DM Mgmt Tree) is not the sole entity involved in the management of the DLUSIM. There may also be a DLUSIM Mgmt client, which is using the OMA DM client as a subroutine for the provisioning part. Even if the security of the DLUSIM does not hinge on the security of the OMA DM, the OMA DM Mgmt Tree should look correct. Also, the OMA DM engine's security should be based on KDevice for other management changes.
It is assumed that the device owner has control of the OMA DM Mgmt object “SEMO”. This means in practice that a default OMA DM server identifier may be <device.owner> and that the <device.owner> has Access Control List (ACL) value:
Add=device.owner&Delete=device.owner&Get=*&Replace=device.owner.
The <device.owner> mgmt server may be authenticated by a KApplication Provisioning. It is also acceptable if this same key or derivations of it are used for authenticating other parts of the OMA DM Mgmt Tree. The KApplication provisioning can of course also be calculated by the TRE. So in principle, the TRE can manage the SEMO in the OMA DM Mgmt Tree itself.
All functions and DLUSIMs in the SEMO then have their own management objects in the SE, which are situated below the SEMO in the OMA DM Mgmt Tree. These functions and DLUSIMs have an extended ACL compared to above, where the SPs or operators can be added to the list as well. To manage these functions in the TRE itself, another key called KTRE management, also derived from KDevice, is used in a similar fashion as in the DLUSIM download mechanism described above. This setup gives the device owner the final say in what is happening in his device, but allows the operators to check and verify that no other DLUSIMs are installed in the device, and also to securely manage their own objects.
Further embodiments may use GBA functionality for implementing various detailed functional steps. The KEnd-user service may, for example, be KS-NAF as defined in the 3GPP GBA standard; and the KDevice functions as K. This requires that the ME function as the Bootstrapping Server Function (BSF) in the consumer case. To illustrate this use case, consider the case in which the M2M device is a car. Here the owner of the car wants to connect an insurance service to the car. By surfing in to the insurance site, performing a key exchange with the insurance company, and then logging in to the car and performing a similar key exchange, the car and the insurance company can now set up a secure connection with each other according to GBA.
As will be recognized by those skilled in the art, the innovative concepts described in the present application can be modified and varied over a wide range of applications. Accordingly, the scope of patented subject matter should not be limited to any of the specific exemplary teachings discussed above, but is instead defined by the following claims.

Claims (11)

What is claimed is:
1. A method of securely changing control of a device from an old manager to a new manager, wherein the device obeys commands from a manager only if the commands are verifiable utilizing a device key known to the device, said method comprising the steps of:
initiating the change of control by the old manager, said initiating step including changing a first device key in use between the old manager and the device to a second device key, and sending the second device key from the old manager to the new manager, wherein the step of changing the first device key in use between the old manager and the device to a second device key includes:
sending a first encrypted command from the old manager to the device to change the first device key to the second device key, the first encrypted command including the first device key and a first secret parameter known by the old manager;
calculating by the device, the second device key utilizing the first device key and the first secret parameter received from the old manager; and
calculating by the old manager, the second device key utilizing the first device key and the first secret parameter known by the old manager; and
completing the change of control by the new manager, said completing step including changing the second device key in use between the new manager and the device to a third device key;
wherein upon completion of the change of control, the new manager does not know the first device key and the old manager does not know the third device key.
2. The method as recited in claim 1, wherein the step of changing the second device key in use between the new manager and the device to a third device key includes:
sending a second encrypted command from the new manager to the device to change the second device key to the third device key, the second encrypted command including the second device key and a second secret parameter known by the new manager;
calculating by the device, the third device key utilizing the second device key and the second secret parameter received from the new manager; and
calculating by the new manager, the third device key utilizing the second device key and the second secret parameter known by the new manager.
3. The method as recited in claim 2, further comprising the steps of:
upon receiving the first encrypted command from the old manager, validating by the device that the first encrypted command from the old manager was created with the first device key; and
upon receiving the second encrypted command from the new manager, validating by the device that the second encrypted command from the new manager was created with the second device key.
4. A method of securely changing a communication device from an old operator to a new operator, wherein the communication device has a subscription key and obeys commands from an operator only if the commands are verifiable utilizing an authentication key known to the communication device, said method comprising the steps of:
initiating the change of operator by a manager of the communication device, wherein the initiating step includes sending from the manager to the new operator, first and second authentication keys and an identifier of the communication device;
sending a notification from the new operator to the old operator indicating that the new operator has a new subscription with the communication device;
in response to receiving the notification, changing a first subscription key in use between the old operator and the communication device to a second subscription key, and sending the second subscription key from the old operator to the new operator, wherein the step of changing the first subscription key in use between the old operator and the communication device to a second subscription key includes:
sending a first encrypted command from the old operator to the communication device to change the first subscription key to the second subscription key, the first encrypted command including a currently active authentication key and a first secret parameter known by the old operator;
calculating by the communication device, the second subscription key utilizing the first subscription key and the first secret parameter received from the old operator; and
calculating by the old operator, the second subscription key utilizing the first subscription key and the first secret parameter known by the old operator; and
completing the change of operator by the new operator, said completing step including changing the second subscription key in use between the new operator and the communication device to a third subscription key;
wherein upon completion of the change of operator, the new operator does not know the first subscription key and the old operator does not know the third subscription key.
5. The method as recited in claim 4, wherein the communication device is a mobile device, and the manager sends the first and second authentication keys and the mobile device's International Mobile Station Identifier (IMSI) to the new operator in a subscription registration message.
6. The method as recited in claim 4, wherein the step of changing the second subscription key in use between the new operator and the communication device to a third subscription key includes:
sending a second encrypted command from the new operator to the communication device to change the second subscription key to the third subscription key, the second encrypted command including the first authentication key received from the owner and a second secret parameter known by the new operator;
calculating by the communication device, the third subscription key utilizing the second subscription key and the second secret parameter received from the new operator; and
calculating by the new operator, the third subscription key utilizing the second subscription key and the second secret parameter known by the new operator.
7. The method as recited in claim 6, further comprising the steps of:
upon receiving the first encrypted command from the old operator, validating by the communication device that the first encrypted command from the old operator was created with the currently active authentication key; and
upon receiving the second encrypted command from the new operator, validating by the communication device that the second encrypted command, from the new operator was created with the first authentication key.
8. The method as recited in claim 6, further comprising validating the communication device by the new operator.
9. A system for securely changing a communication device from an old operator network to a new operator network, wherein the communication device has a subscription key and obeys commands from an operator network only if the commands are verifiable utilizing an authentication key known to the communication device, said system comprising:
an owner node of the communication device configured to initiate the change of operator network by sending a subscription registration message to the new operator network, the subscription registration message including first and second authentication keys and an identifier of the communication device;
a first interface within the new operator network configured to send a notification to the old operator network indicating that the new operator network has a new subscription with the communication device;
a second interface within the old operator network configured to send a first encrypted command to the communication device to change a currently active first subscription key to a second subscription key, the first encrypted command including a currently active authentication key and a first secret parameter known by the old operator network;
a first processor within the communication device configured to calculate the second subscription key utilizing the first subscription key and the first secret parameter received from the old operator network;
a second processor within the old operator network configured to calculate the second subscription key;
a third interface within the old operator network configured to send the second subscription key to the new operator network;
a fourth interface within the new operator network configured to send a second encrypted command to the communication device to change the second subscription key to a third subscription key, the second encrypted command including the first authentication key received from the owner node and a second secret parameter known by the new operator network;
the first processor within the communication device being configured to calculate the third subscription key utilizing the second subscription key and the second secret parameter received from the new operator network; and
a third processor within the new operator network configured to calculate the third subscription key.
10. The system as recited in claim 9, wherein the first processor within the communication device is also configured to:
validate that the first encrypted command from the old operator network was created with the currently active authentication key; and
validate that the second encrypted command from the new operator network was created with the first authentication key.
11. The system as recited in claim 10, wherein the third processor within the new operator network is also configured to validate the communication device.
US12/606,490 2008-10-28 2009-10-27 Method and arrangement for provisioning and managing a device Active 2032-05-30 US8578153B2 (en)

Priority Applications (5)

Application Number Priority Date Filing Date Title
US12/606,490 US8578153B2 (en) 2008-10-28 2009-10-27 Method and arrangement for provisioning and managing a device
EP09823906.4A EP2340654B1 (en) 2008-10-28 2009-10-28 Method for securely changing a mobile device from an old owner to a new owner.
PCT/SE2009/051225 WO2010050886A1 (en) 2008-10-28 2009-10-28 Method for securely changing a mobile device from an old owner to a new owner.
CN200980143734.2A CN102204299B (en) 2008-10-28 2009-10-28 Method for securely changing mobile device from old owner to new owner
US13/711,990 US20140365769A9 (en) 2008-10-28 2012-12-12 Method and arrangement for provisioning and managing a device

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US10899408P 2008-10-28 2008-10-28
US12/606,490 US8578153B2 (en) 2008-10-28 2009-10-27 Method and arrangement for provisioning and managing a device

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US13/711,990 Division US20140365769A9 (en) 2008-10-28 2012-12-12 Method and arrangement for provisioning and managing a device

Publications (2)

Publication Number Publication Date
US20100106967A1 US20100106967A1 (en) 2010-04-29
US8578153B2 true US8578153B2 (en) 2013-11-05

Family

ID=42118639

Family Applications (2)

Application Number Title Priority Date Filing Date
US12/606,490 Active 2032-05-30 US8578153B2 (en) 2008-10-28 2009-10-27 Method and arrangement for provisioning and managing a device
US13/711,990 Abandoned US20140365769A9 (en) 2008-10-28 2012-12-12 Method and arrangement for provisioning and managing a device

Family Applications After (1)

Application Number Title Priority Date Filing Date
US13/711,990 Abandoned US20140365769A9 (en) 2008-10-28 2012-12-12 Method and arrangement for provisioning and managing a device

Country Status (4)

Country Link
US (2) US8578153B2 (en)
EP (1) EP2340654B1 (en)
CN (1) CN102204299B (en)
WO (1) WO2010050886A1 (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120047237A1 (en) * 2009-04-16 2012-02-23 Petter Arvidsson Method, Server, Computer Program and Computer Program Product for Communicating with Secure Element
US9280389B1 (en) 2014-12-30 2016-03-08 Tyco Fire & Security Gmbh Preemptive operating system without context switching
US10095746B2 (en) 2015-12-03 2018-10-09 At&T Intellectual Property I, L.P. Contextual ownership
US10268485B2 (en) 2014-02-28 2019-04-23 Tyco Fire & Security Gmbh Constrained device and supporting operating system
US10293787B2 (en) * 2017-08-10 2019-05-21 Ford Global Technologies, Llc Vehicle key management
US10440006B2 (en) 2017-06-21 2019-10-08 Microsoft Technology Licensing, Llc Device with embedded certificate authority
US10558812B2 (en) 2017-06-21 2020-02-11 Microsoft Technology Licensing, Llc Mutual authentication with integrity attestation
US10938560B2 (en) 2017-06-21 2021-03-02 Microsoft Technology Licensing, Llc Authorization key escrow
US10977052B2 (en) 2013-05-06 2021-04-13 Convida Wireless, Llc Machine-to-machine bootstrapping
US11063912B2 (en) * 2013-09-13 2021-07-13 Vodafone Ip Licensing Limited Methods and systems for communicating with an M2M device
US11374760B2 (en) 2017-09-13 2022-06-28 Microsoft Technology Licensing, Llc Cyber physical key
US11747430B2 (en) 2014-02-28 2023-09-05 Tyco Fire & Security Gmbh Correlation of sensory inputs to identify unauthorized persons
US12256024B2 (en) 2017-06-21 2025-03-18 Microsoft Technology Licensing, Llc Device provisioning

Families Citing this family (60)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8578153B2 (en) * 2008-10-28 2013-11-05 Telefonaktiebolaget L M Ericsson (Publ) Method and arrangement for provisioning and managing a device
CN104640104A (en) * 2009-03-05 2015-05-20 交互数字专利控股公司 Method of WTRU for establishing network connection and WTRU
WO2011025876A1 (en) * 2009-08-27 2011-03-03 Interdigital Patent Holdings, Inc. Method and apparatus for solving limited addressing space in machine-to-machine (m2m) environments
CN102026149B (en) * 2009-09-14 2015-08-12 中兴通讯股份有限公司 The method and system that a kind of M2M equipment home network operator changes
CN103190134B (en) * 2010-08-31 2016-03-23 瑞典爱立信有限公司 ISIM can be downloaded
CN102142980B (en) * 2010-10-27 2014-05-07 华为技术有限公司 Method and gateway for remotely managing sensor network topology
KR20120067459A (en) * 2010-12-16 2012-06-26 삼성전자주식회사 Method and apparatus for authenticating per m2m device between service provider and mobile network operator
GB201021784D0 (en) * 2010-12-22 2011-02-02 Vodafone Ip Licensing Ltd SIM Locking
US20120203824A1 (en) 2011-02-07 2012-08-09 Nokia Corporation Method and apparatus for on-demand client-initiated provisioning
WO2012136867A1 (en) * 2011-04-05 2012-10-11 Valid Soluciones Tecnologicas, S.A.U. Method and system for the remote provision of subscriptions
US8707022B2 (en) * 2011-04-05 2014-04-22 Apple Inc. Apparatus and methods for distributing and storing electronic access clients
US9059980B2 (en) 2011-05-26 2015-06-16 First Data Corporation Systems and methods for authenticating mobile devices
EP2538707B1 (en) * 2011-06-21 2019-08-28 Alcatel Lucent Method for uploading subscriber credentials and associated equipment
KR20130012243A (en) * 2011-07-08 2013-02-01 주식회사 케이티 Method for changing mno of embedded sim based on privilege, embedded sim and recording medium for the same
KR20130006258A (en) 2011-07-08 2013-01-16 주식회사 케이티 Method for changing mno of embedded sim based on dynamic key generation, embedded sim and recording medium for the same
KR101879457B1 (en) * 2011-07-08 2018-07-18 주식회사 케이티 Method for Managing Key of Embedded SIM, Embedded SIM and recording medium for the same
US8255687B1 (en) 2011-09-15 2012-08-28 Google Inc. Enabling users to select between secure service providers using a key escrow service
KR101363753B1 (en) * 2011-10-18 2014-02-17 에스케이씨앤씨 주식회사 Method and system for changing key on SE in mobile device
CN103096308B (en) * 2011-11-01 2016-01-20 华为技术有限公司 The method of group cipher key generating and relevant device
US9569237B2 (en) * 2011-12-29 2017-02-14 Telefonaktiebolaget Lm Ericsson (Publ) Virtual machine management using a downloadable subscriber identity module
WO2013100636A1 (en) 2011-12-30 2013-07-04 에스케이씨앤씨 주식회사 Master tsm
AU2013207623B2 (en) * 2012-02-28 2014-04-03 Google Llc Portable secure element
US8385553B1 (en) * 2012-02-28 2013-02-26 Google Inc. Portable secure element
CN103313241B (en) * 2012-03-15 2016-12-14 中国移动通信集团公司 A kind of SE key management method, business platform, management platform and system
US8429409B1 (en) 2012-04-06 2013-04-23 Google Inc. Secure reset of personal and service provider information on mobile devices
CA2810360C (en) 2012-06-27 2016-05-10 Rogers Communications Inc. System and method for remote provisioning of embedded universal integrated circuit cards
EP2704466A1 (en) * 2012-09-03 2014-03-05 Alcatel Lucent Smart card personnalization with local generation of keys
EP2712222B1 (en) 2012-09-25 2020-04-01 Alcatel Lucent Confidential provisioning of secret keys over the air
CN103702377B (en) * 2012-09-27 2017-04-12 华为终端有限公司 Network switch method and equipment
JP6055111B2 (en) * 2013-01-18 2016-12-27 エルジー エレクトロニクス インコーポレイティド Method and apparatus for proximity control in a wireless communication system
US9503485B1 (en) 2013-03-01 2016-11-22 Whatsapp Inc. Connecting communicating devices in a multi-server communication system
CN104219687B (en) 2013-06-05 2018-07-13 华为终端有限公司 Detect the method and device of target network covering
EP2824945A1 (en) * 2013-07-11 2015-01-14 Alcatel Lucent Sim proxy module for roaming in a mobile network
US9633210B2 (en) * 2013-09-13 2017-04-25 Microsoft Technology Licensing, Llc Keying infrastructure
KR20160082967A (en) * 2013-11-08 2016-07-11 엘지전자 주식회사 Method for subscription and notification in m2m communication system and device therefor
US9635014B2 (en) * 2014-02-21 2017-04-25 Samsung Electronics Co., Ltd. Method and apparatus for authenticating client credentials
GB2527276B (en) * 2014-04-25 2020-08-05 Huawei Tech Co Ltd Providing network credentials
GB2526619A (en) * 2014-05-30 2015-12-02 Vodafone Ip Licensing Ltd Service provisioning
EP2993608A1 (en) * 2014-09-03 2016-03-09 Gemalto Sa A method for changing the ownership of a secure element
WO2016055417A1 (en) * 2014-10-10 2016-04-14 Deutsche Telekom Ag Method for provisioning an embedded universal integrated circuit entity within an electronic device
EP3205133B1 (en) * 2014-10-10 2021-04-07 Deutsche Telekom AG Method for transferring an assignment regarding an embedded universal integrated circuit entity from a first mobile network operator to a second mobile network operator
EP3010264A1 (en) * 2014-10-16 2016-04-20 Gemalto Sa Method to manage subscriptions in a provisioning server
US10671980B2 (en) 2014-10-20 2020-06-02 Mastercard International Incorporated Systems and methods for detecting potentially compromised payment cards
US9439069B2 (en) * 2014-12-17 2016-09-06 Intel IP Corporation Subscriber identity module provider apparatus for over-the-air provisioning of subscriber identity module containers and methods
US10992472B2 (en) * 2015-02-27 2021-04-27 Pcms Holdings, Inc. Systems and methods for secure roll-over of device ownership
CN104869562A (en) * 2015-04-24 2015-08-26 小米科技有限责任公司 Information transmission method, device and system
US9578008B2 (en) * 2015-05-11 2017-02-21 Intel Corporation Technologies for secure bootstrapping of virtual network functions
US20160364787A1 (en) * 2015-06-09 2016-12-15 Intel Corporation System, apparatus and method for multi-owner transfer of ownership of a device
EP3122083A1 (en) * 2015-07-21 2017-01-25 Giesecke & Devrient GmbH Method for providing a subscription to a secure element
US10263968B1 (en) * 2015-07-24 2019-04-16 Hologic Inc. Security measure for exchanging keys over networks
EP3255913A1 (en) * 2015-10-26 2017-12-13 Baldur Jehnke Low-cost phone number porting
US10037436B2 (en) 2015-12-11 2018-07-31 Visa International Service Association Device using secure storage and retrieval of data
EP3253021A1 (en) * 2016-06-03 2017-12-06 Gemalto Sa A method for managing the status of a connected device
US10820265B2 (en) 2016-10-07 2020-10-27 Nokia Technologies Oy IoT device connectivity provisioning
JP6855918B2 (en) * 2017-05-16 2021-04-07 株式会社デンソー Vehicle systems and electronic control devices that process encryption keys
DE102017116937A1 (en) * 2017-07-26 2019-01-31 Techem Energy Services Gmbh Detection device, service device, building communication system and method for authorizing a service device on a detection device
US10833926B2 (en) * 2017-11-17 2020-11-10 T-Mobile Usa, Inc. Touchless secure bootstrapping of IoT devices
EP3910873B1 (en) * 2020-05-15 2025-01-01 Kamstrup A/S Key-management for advanced metering infrastructure
US11328111B2 (en) 2020-09-25 2022-05-10 Intel Corporation Broadcast remote sealing for scalable trusted execution environment provisioning
KR20220103025A (en) * 2021-01-14 2022-07-21 현대자동차주식회사 Method and apparatus for replacing security key in machine to machine system

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030149666A1 (en) * 2000-11-20 2003-08-07 Davies Philip Michael Personal authentication system
US20050155036A1 (en) * 2003-12-19 2005-07-14 Nokia Corporation Application server addressing
WO2006092642A1 (en) 2005-03-01 2006-09-08 Nokia Corporation Access rights control in a device management system
US20070003062A1 (en) * 2005-06-30 2007-01-04 Lucent Technologies, Inc. Method for distributing security keys during hand-off in a wireless communication system
US20070250617A1 (en) 2006-04-21 2007-10-25 Pantech Co., Ltd. Method for managing user domain
US20080282090A1 (en) * 2007-05-07 2008-11-13 Jonathan Leybovich Virtual Property System for Globally-Significant Objects
US20080301463A1 (en) * 2004-09-14 2008-12-04 Dirk Michelsen Method for Documenting Property or Possession and Transfer of Property or Possession of a Merchandise
US20090217348A1 (en) * 2008-02-22 2009-08-27 Patrik Mikael Salmela Methods and Apparatus for Wireless Device Registration

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FI107486B (en) * 1999-06-04 2001-08-15 Nokia Networks Oy Providing authentication and encryption in a mobile communication system
GB2377589B (en) * 2001-07-14 2005-06-01 Motorola Inc Ciphering keys for different cellular communication networks
US7774008B2 (en) * 2006-12-22 2010-08-10 Cellco Partnership MDN-less SMS messaging (network solution) for wireless M2M application
EP3010205A1 (en) * 2008-01-18 2016-04-20 Interdigital Patent Holdings, Inc. Method and apparatus for performing validation of a machine to machine communication equipment
EP2235911A4 (en) * 2008-01-22 2012-08-08 Ericsson Telefon Ab L M DISTRIBUTION OF SECURITY POLICY TO COMMUNICATION TERMINALS
US20090191857A1 (en) * 2008-01-30 2009-07-30 Nokia Siemens Networks Oy Universal subscriber identity module provisioning for machine-to-machine communications
US20090217038A1 (en) * 2008-02-22 2009-08-27 Vesa Petteri Lehtovirta Methods and Apparatus for Locating a Device Registration Server in a Wireless Network
US20090253409A1 (en) * 2008-04-07 2009-10-08 Telefonaktiebolaget Lm Ericsson (Publ) Method of Authenticating Home Operator for Over-the-Air Provisioning of a Wireless Device
US8578153B2 (en) * 2008-10-28 2013-11-05 Telefonaktiebolaget L M Ericsson (Publ) Method and arrangement for provisioning and managing a device
EP2721849A4 (en) * 2011-06-15 2015-03-04 Ericsson Telefon Ab L M Provisioning connectivity service data in a telecommunications network

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030149666A1 (en) * 2000-11-20 2003-08-07 Davies Philip Michael Personal authentication system
US20050155036A1 (en) * 2003-12-19 2005-07-14 Nokia Corporation Application server addressing
US20080301463A1 (en) * 2004-09-14 2008-12-04 Dirk Michelsen Method for Documenting Property or Possession and Transfer of Property or Possession of a Merchandise
WO2006092642A1 (en) 2005-03-01 2006-09-08 Nokia Corporation Access rights control in a device management system
US20070003062A1 (en) * 2005-06-30 2007-01-04 Lucent Technologies, Inc. Method for distributing security keys during hand-off in a wireless communication system
US20070250617A1 (en) 2006-04-21 2007-10-25 Pantech Co., Ltd. Method for managing user domain
US20080282090A1 (en) * 2007-05-07 2008-11-13 Jonathan Leybovich Virtual Property System for Globally-Significant Objects
US20090217348A1 (en) * 2008-02-22 2009-08-27 Patrik Mikael Salmela Methods and Apparatus for Wireless Device Registration

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Open Mobile Alliance, "Device Management Requirements". Approved Version 1.2. Feb. 9, 2007.
Tuladhar, Summit. "Inter-Domain Authentication for Seamless Roaming in Heterogeneous Wireless Network" Pub. Date. 2007. pp. 1-50. *

Cited By (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9572025B2 (en) * 2009-04-16 2017-02-14 Telefonaktiebolaget Lm Ericsson (Publ) Method, server, computer program and computer program product for communicating with secure element
US20120047237A1 (en) * 2009-04-16 2012-02-23 Petter Arvidsson Method, Server, Computer Program and Computer Program Product for Communicating with Secure Element
US10977052B2 (en) 2013-05-06 2021-04-13 Convida Wireless, Llc Machine-to-machine bootstrapping
US11829774B2 (en) 2013-05-06 2023-11-28 Convida Wireless, Llc Machine-to-machine bootstrapping
US11354136B2 (en) 2013-05-06 2022-06-07 Convida Wireless, Llc Machine-to-machine bootstrapping
US11063912B2 (en) * 2013-09-13 2021-07-13 Vodafone Ip Licensing Limited Methods and systems for communicating with an M2M device
US10268485B2 (en) 2014-02-28 2019-04-23 Tyco Fire & Security Gmbh Constrained device and supporting operating system
US11747430B2 (en) 2014-02-28 2023-09-05 Tyco Fire & Security Gmbh Correlation of sensory inputs to identify unauthorized persons
US9280389B1 (en) 2014-12-30 2016-03-08 Tyco Fire & Security Gmbh Preemptive operating system without context switching
US9910701B2 (en) 2014-12-30 2018-03-06 Tyco Fire & Security Gmbh Preemptive operating system without context switching
US10095746B2 (en) 2015-12-03 2018-10-09 At&T Intellectual Property I, L.P. Contextual ownership
US10685028B2 (en) 2015-12-03 2020-06-16 At&T Intellectual Property I, L.P. Contextual ownership
US10938560B2 (en) 2017-06-21 2021-03-02 Microsoft Technology Licensing, Llc Authorization key escrow
US10558812B2 (en) 2017-06-21 2020-02-11 Microsoft Technology Licensing, Llc Mutual authentication with integrity attestation
US10440006B2 (en) 2017-06-21 2019-10-08 Microsoft Technology Licensing, Llc Device with embedded certificate authority
US12256024B2 (en) 2017-06-21 2025-03-18 Microsoft Technology Licensing, Llc Device provisioning
US10293787B2 (en) * 2017-08-10 2019-05-21 Ford Global Technologies, Llc Vehicle key management
US11374760B2 (en) 2017-09-13 2022-06-28 Microsoft Technology Licensing, Llc Cyber physical key

Also Published As

Publication number Publication date
US20100106967A1 (en) 2010-04-29
EP2340654A4 (en) 2013-08-07
CN102204299A (en) 2011-09-28
CN102204299B (en) 2014-04-09
EP2340654B1 (en) 2018-04-25
WO2010050886A1 (en) 2010-05-06
EP2340654A1 (en) 2011-07-06
US20140365769A9 (en) 2014-12-11
US20130185560A1 (en) 2013-07-18

Similar Documents

Publication Publication Date Title
US8578153B2 (en) Method and arrangement for provisioning and managing a device
KR102026612B1 (en) Method for Creating Trust Relationship and Embedded UICC
US10694369B2 (en) Profile management method, embedded UICC, and device provided with the embedded UICC
JP6033291B2 (en) Service access authentication method and system
US9332575B2 (en) Method and apparatus for enabling connectivity in a communication network
US20180091978A1 (en) Universal Integrated Circuit Card Having A Virtual Subscriber Identity Module Functionality
KR101287227B1 (en) Virtual subscriber identity module
EP2255507B1 (en) A system and method for securely issuing subscription credentials to communication devices
KR102382851B1 (en) Apparatus and methods for esim device and server to negociate digital certificates
KR101907814B1 (en) a remote subscription management method of the eUICC,
US20090191857A1 (en) Universal subscriber identity module provisioning for machine-to-machine communications
US20090253409A1 (en) Method of Authenticating Home Operator for Over-the-Air Provisioning of a Wireless Device
KR102293683B1 (en) Apparatus and Methods for Access Control on eSIM
JP5468623B2 (en) Apparatus and method for protecting bootstrap messages in a network
EP1993301B1 (en) Method and apparatus of operating a wireless home area network
KR20130032873A (en) Wireless network authentication apparatus and methods
KR20120044916A (en) Methods and apparatus for delivering electronic identification components over a wireless network
KR101891330B1 (en) Subscription Method for Embedded UICC using Trusted Subscription Manager and Embedded UICC Architecture therefor
Chitroub et al. Securing mobile iot deployment using embedded sim: Concerns and solutions

Legal Events

Date Code Title Description
AS Assignment

Owner name: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL),SWEDEN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:JOHANSSON, MATTIAS;ENGLUND, HAKAN;SIGNING DATES FROM 20091023 TO 20091026;REEL/FRAME:023432/0777

Owner name: TELEFONAKTIEBOLAGET LM ERICSSON (PUBL), SWEDEN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:JOHANSSON, MATTIAS;ENGLUND, HAKAN;SIGNING DATES FROM 20091023 TO 20091026;REEL/FRAME:023432/0777

STCF Information on status: patent grant

Free format text: PATENTED CASE

CC Certificate of correction
FPAY Fee payment

Year of fee payment: 4

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 12

点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载